Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale
Vulnerability Description
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6.
CVSS Information
N/A
Vulnerability Type
PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)
Vulnerability Title
Carbon 安全漏洞
Vulnerability Description
Carbon是Carbon开源的一个 DateTime 的 PHP 扩展。 Carbon 3.0.0至3.8.4之前版本和2.72.6之前版本存在安全漏洞,该漏洞源于将未经过滤的用户输入传递给Carbon::setLocale的应用程序时存在任意文件包含的漏洞,导致攻击者可在其服务器上运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A